Drupalgeddon2 – All Drupal users should patch their install now

If you presently have a Drupal installation, you need to update it urgently.

A botnet is currently exploiting a Drupal CMS vulnerability, by using already compromised systems to infect new machines. The botnet is exploiting the CVE-2018-7600 vulnerability, known as Drupalgeddon 2, to gain the ability to execute commands on a server running Drupal.

Add your existing Drupal install to Softaculous for automatic updates

All Clook customers have access to Softaculous via their cPanel dashboard. By adding your Drupal 7 or 8 store to Softaculous, you will be able to select the auto upgrade option, to ensure you are always on the latest version of Drupal.

1

Login to cPanel

2

Click the Softaculous link under the Software banner

3

Search for Drupal using the search box in the top left and click the Drupal link in the left hand menu

4

Click the import link on the top right hand side of the page

5

Check the details are correct and click the import button

6

Congratulations, your Drupal install should now have been imported into Softaculous

Update 27/04/18

Today (27/04/18) we’ve updated our mod security rules to try to help mitigate these attacks. This does not remove the requirement to update your Drupal store. There is a small chance that the updates may cause some false positives – please contact our support team if you have any issues.